Created: 3 years, 10 months ago by Gleb Lanbin
Modified: 3 years, 10 months ago
CC: chromium-reviews, pdr+renderingwatchlist_chromium.org, zoltan1, blink-reviews-layout_chromium.org, szager+layoutwatch_chromium.org, eae+blinkwatch, leviw+renderwatch, jchaffraix+rendering, blink-reviews
Target Ref: refs/pending/heads/master
Project: chromium
Visibility: Public.
Description
Make LayoutListItem::value to use SaturatedAddition to prevent integer overflow
The problem has been spotted by UBSan.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4949437635100672
BUG=658714
Review-Url: https://codereview.chromium.org/2695223007
Cr-Commit-Position: refs/heads/master@{#451822}
Committed: https://chromium.googlesource.com/chromium/src/+/e451db7ebedfa9a2b43b99f4c789cdde7ca97421
Patch Set 1
Patch Set 2 : Prevent integer overflow in LayoutListItem::calcValue
Patch Set 3 : use SaturatedAddition
Messages
Total messages: 32 (26 generated)
The CQ bit was checked by glebl@chromium.org to run a CQ dry run
glebl@chromium.org changed reviewers: + cbiesinger@chromium.org
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_compile_dbg_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL)
The CQ bit was checked by glebl@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
glebl@chromium.org changed reviewers: + tkent@chromium.org
switched to SaturatedAddition per suggestion from cbiesinger@
lgtm but please update the description now that this uses saturated arithmetic
Description was changed from ========== Make LayoutListItem::value to be an unsigned integer so that overflow has defined behavior. The problem has been spotted by UBSan. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4949437635100672 BUG=658714 ========== to ========== Make LayoutListItem::value to use SaturatedAddition to prevent integer overflow The problem has been spotted by UBSan. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4949437635100672 BUG=658714 ==========
The CQ bit was checked by glebl@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: chromeos_daisy_chromium_compile_only_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL) chromium_presubmit on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL) linux_chromium_asan_rel_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL) linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL)
The CQ bit was checked by glebl@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by glebl@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by glebl@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch. Bot data: {"patchset_id": 40001, "attempt_start_ts": 1487698791119830, "parent_rev": "e68b6f952c8cccec38c09a72c90ad4546f169a16", "commit_rev": "e451db7ebedfa9a2b43b99f4c789cdde7ca97421"}
Message was sent while issue was closed.
Description was changed from ========== Make LayoutListItem::value to use SaturatedAddition to prevent integer overflow The problem has been spotted by UBSan. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4949437635100672 BUG=658714 ========== to ========== Make LayoutListItem::value to use SaturatedAddition to prevent integer overflow The problem has been spotted by UBSan. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4949437635100672 BUG=658714 Review-Url: https://codereview.chromium.org/2695223007 Cr-Commit-Position: refs/heads/master@{#451822} Committed: https://chromium.googlesource.com/chromium/src/+/e451db7ebedfa9a2b43b99f4c789... ==========
Message was sent while issue was closed.
Committed patchset #3 (id:40001) as https://chromium.googlesource.com/chromium/src/+/e451db7ebedfa9a2b43b99f4c789...
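The two approaches this review went through (unsigned arithmetic so that overflow is defined, then saturated addition) behave differently at the boundary. The sketch below is an added example, not code from the Chromium patch: `SaturatedAdd`, `WrappingAdd` and `NumberItems` are hypothetical names, and it assumes an item's value is derived by adding a step to the previous item's value.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Saturating signed add: clamps to INT32_MAX / INT32_MIN. The range checks
// run before the addition, so no signed overflow (UB) is ever evaluated.
int32_t SaturatedAdd(int32_t a, int32_t b) {
  if (b > 0 && a > INT32_MAX - b) return INT32_MAX;
  if (b < 0 && a < INT32_MIN - b) return INT32_MIN;
  return a + b;
}

// Wrapping add: the sum is computed in unsigned, where overflow is defined
// modulo 2^32. No UB, but the result silently changes sign at the boundary.
int32_t WrappingAdd(int32_t a, int32_t b) {
  uint32_t r = static_cast<uint32_t>(a) + static_cast<uint32_t>(b);
  int32_t out;
  std::memcpy(&out, &r, sizeof out);  // reinterpret bits without a narrowing cast
  return out;
}

// Values for `count` consecutive list items starting at `start`, stepping by
// `step` (+1 for a normal list, -1 for a reversed one), combined with `add`.
std::vector<int32_t> NumberItems(int32_t start, int32_t step, int count,
                                 int32_t (*add)(int32_t, int32_t)) {
  std::vector<int32_t> values;
  int32_t value = start;
  for (int i = 0; i < count; ++i) {
    values.push_back(value);
    value = add(value, step);
  }
  return values;
}

int main() {
  // Constructed input: a list whose first item sits one below INT32_MAX.
  for (int32_t v : NumberItems(INT32_MAX - 1, 1, 4, SaturatedAdd))
    std::printf("saturated: %d\n", static_cast<int>(v));
  for (int32_t v : NumberItems(INT32_MAX - 1, 1, 4, WrappingAdd))
    std::printf("wrapping:  %d\n", static_cast<int>(v));
  return 0;
}
```

With saturation the values stay pinned at the limit; with wrapping they are well defined but jump to large negative values, which any later comparison or formatting code then has to tolerate.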